Kiri is nonsense and likely stolen code

Another person has decided that a Raspberry Pi and a seemingly stolen operating system is good enough to promote a KickStarter project that promises complete computer security.

Here’s the promise:

It is the Mini Computer that is designed to make all of your internet activity un-traceable and un-watchable. With this small computer you can perform your everyday tasks as well as creation/transfer of sensitive data without worrying about hackers or curious enterprises. When using Kiri, the feeling of freedom is truly unreal.

And now the disclaimer:

Please note: the work we are doing is NOT the hardware, we are building an operating system and optimizing it to run on Raspberry Pi hardware. We are also designing and manufacturing cases to enclose the computer.

Since most of the magic happens on the software side of things, we decided to build an operating system that is as secure as possible while also being extremely easy to use. After looking at a variety of hardware solutions (including manufacturing our own) and with ease of use in mind, we finally chose the Raspberry Pi to bring our software to life. This is because it is powerful, portable and very effective in running Kiri OS.

Cute. And they’re looking to raise 20,000 GBP, or about $29,000 USD for a lifted OS and a $40 computer.

Details given on Kiri OS

Little is known about where they lifted the operating system from other than it’s some sort of Linux with Gnome atop. Let’s go over some points in the KickStarter itself:

It is the Mini Computer that is designed to make all of your internet activity un-traceable and un-watchable.

[…]

We are also designing and manufacturing cases to enclose the computer.

[…]

The operating system itself is based on Linux and uses Gnome Shell to provide an incredibly easy to use and familiar interface (for Mac OSX users). Although it is based on an existing operating system, Kiri OS is VERY far from being just Linux.

[…]

In fact we have built most software from scratch, meaning there is nobody, except the engineers, who is able to determine how our security software works.

[…]

Kiri is simple to use but a lot happens in the background to make you anonymous. All of your activity is passed through the Tor network which relays your traffic across over seven thousand ip-addresses.

Tor is a software developed by the US Government and is the same network used by government agents to keep their identities and locations hidden. This network is not generally easy to access, but now with Kiri, it is.

The best part of Kiri Os is that it connects through our own VPN servers in an un-disclosed location. The VPN servers are dedicated to Kiri OS users, but don’t make that think its easier to pin-point you. Our VPN network will be optimized to automatically switch users between ip-addresses on the server infrastructure at random intervals.

For those who don’t understand how VPNs work: It is a private network of servers which will route all of you internet traffic via encrypted signals. Since the VPN servers are dedicated to Kiri OS users, it will perform faster than any other shared VPN server. 

And best of all, there are no subscription costs for our VPN service it’s just free with Kiri Computer.

So it promises the following:

  • To be untraceable and unwatchable
  • They’re designing their own custom case for the Raspberry Pi–an unnecessary expense to say the least
  • Runs atop of Linux and Gnome, yet claims that it’s far-removed from being Linux itself
  • It’s all written “from scratch” (although runs atop of some Linux and Gnome) and nobody but the engineers knows how it works
  • It uses Tor but also some sort of VPN in an “undisclosed location”?

None of the above really makes sense but it really reads as it’s based on Tails, which is a Debian-based operating system with Gnome. However, Tails is only available for Intel processors (officially) so we’d have to look elsewhere. It may be possible that it may be based on something like this post from Cipherpunks.

No source code has been made available in the KickStarter nor on the creator’s website.

They also have an “elite” hacker working with them:

We have also had help from a certain un-named ‘elite’ hacker who was able to hack in to our first prototype. With his help we are able to test how safe Kiri can be, and it has reached a stage where even an elite hacker cannot penetrate the system. 

I’d be curious to know how this “elite” hacker broke into the device. Did they have physical access?

Screen Shot 2016-06-01 at 20.59.33

Really. It’s tough to understand whether or not they need to develop an operating system or if they have a prototype of one and need to improve upon it. The money desired to create such an operating system like promised is simply not enough especially when we examine the background of the creator.

About DYC Studio and Taheer Jokhia

DYC Studio was registered in the United Kingdom by Mohamed Taheer Jokhia (referred to as just “Taheer Jokhia”) in September 2015 (you can see the government filing here). According to the filing, there has been only a single appointment and the address given is an apartment near Paddington Station in London.

DYC Studio’s KickStarter bio claims the following:

Dyc Studio is a team of professional designers, software engineers and user experience specialists with over 50 years of experience combined.

We have built a variety of softwares including intranet based operating systems for companies. Kiri OS will be our first full operating system, but that does not mean we cannot do it better than anyone else. We have team members who have built full operating systems in the past.

Taheer’s original LinkedIn claims that he was an unemployed freelancer living in Manchester, but a different account which also mentions DYC Studio claims that he graduated with a Bachelor of Arts in Advertising Design from the University of Salford. His development career started in early 2015 with various developer roles scattered across four companies, none of which mention anything security-related.

Taheer went out of his way to scrub the DYC Studio website because if you search for just the domain dycstudio.com, you get plenty of results relating to their own website yet all of them are 404’d.

However, fortunately some results are cached and we were able to get some information on who DYC Studio actually is. Here’s what Google had cached from their about page:

DYC Studio is a creative team with a mixture of skills that worked best together. We develop website and design solutions for a massive range of industries internationally. We are a world class professional web development and marketing agency that creates digital solutions for any kind of business or individual.

We employ some of the best graphic designers, web developers and SEO marketers who specialise in small and large businesses. We keep up with the latest design trends and technology so you don’t have to.

If you are seeking a trustworthy reputable web design company to create your website and/or app.

[…]

We specialise in the following services:

Website Design and Development
Search Engine Optimisation
App Development
Software Development
Digital Automation
Creation of Innovative Business Solutions and Tools

Nothing to say about cryptography or operating system development here. We can also see its marketing past evident in the Twitter account they’re using to promote the KickStarter:

Screen Shot 2016-06-01 at 19.16.38

Even as recent as of this past January, there were still tweets about their traditional business:

Screen Shot 2016-06-01 at 20.45.39

This company is all nonsense. No other person other than Taheer mentions working for DYC Studio on their LinkedIn profile.

What I can say is that DYC Studio’s Instagram shows a Twitter follower bot being used:

Screen Shot 2016-06-01 at 22.11.40

I wonder if this is included in the OS.

This is not their first rodeo

So it turns out that Taheer has attempted a KickStarter in the past and failed. DYC Studio (aka “Design You Creative”) claimed to be a game developer studio in Manchester:

Small indie games development studio based in Manchester, UK. We are beyond creative and have a range of crazy minds with amazing ideas.

The details on this KickStarter can be used to find this Facebook page, which again does not indicate any ability to develop their own OS or implement security.

Verdict

There is very little likelihood that this is what it claims to be and is likely violating a number of licences.